Etra Principal Technology Risk Analyst, External Audit

Job Description:

The Role

The External Audit Center of Excellence within Fidelity's Enterprise Technology Risk and Analytics (ETRA) group is seeking a passionate, driven, and experienced professional to help us oversee the technology areas of external audit engagements. You will enhance and run the external audit oversight program activities focused on key technology areas including DevOps, Cloud and Technology Operations. In addition, you will perform proactive risk assessments and develop control strategies for emerging technologies including AI/Machine Learning and Snowflake data services. To accomplish this, you will work closely with technology support teams, Enterprise Cybersecurity (ECS), Enterprise Infrastructure (EI), Cloud and Platform Engineering (CAPE), BU Technology partners, BU Operations Risk, and Fidelity's external auditors. The role can be based in Merrimack, Boston, Smithfield, North Carolina, or Westlake, and will report to the External Audit Center of Excellence Lead.

The Team

External Audit Center of Excellence oversees the management and execution of technology audit engagements (e.g., SOC 1, SOC 2, control attestations) for the Enterprise. External audit certifications are critical to Fidelity's institutional businesses, and our key focus is protecting the interests of our clients, customers, and Fidelity's brand by overseeing the effectiveness of technology controls through successful completion of external audit certifications. The CoE collaborates closely with the business units, technology leaders and operational risk teams develop best in class standards and practices for external audits and build the roadmaps for future technology and business requirements.

The Expertise and Skills You Bring

• 5-9 years' experience in information technology auditing, information technology risk, cyber security, or controls assurance roles

• Bachelor's degree in Computer Science, Information Systems, Technology, or a related field of study preferred

• Demonstrated technical abilities in multiple areas including technology infrastructure and application controls, cloud, cyber security, and access management

• Experience or knowledge of CI/CD technologies, automated code build and deployments pipelines/orchestration solutions

• Experience performing risk assessments, control assessments, IT Audits or implementing Cybersecurity controls for large scale financial service organizations

• Experience supporting or conducting SOC 1 or control attestation audit engagements preferred but not required

• Professional technology risk certification (CISSP, CISA, CISSP, CRISC, CISM) and/or Cloud Certification(s) (CCSP, CCSK, AWS) preferred

• Your love of solving complex problems, and comfort with ambiguous situations, and your ability to help solution innovative ways to mitigate risk and develop controls using your analytical and critical thinking skills

• Your process orientation and understanding of operations and technology enabling you to provide support in the analysis, development, and monitoring of controls

• Experience with Cloud security and controls and cloud technology environments (AWS/Azure, PaaS, SaaS)

• Knowledge of industry standards, frameworks, and methodologies, such as SOC 1, SOC 2, ISO27001, HITRUST

• You have excellent verbal and written communication skills enabling you to prepare and present findings clearly and concisely

• You demonstrate a proven sense of ownership, accountability, and a commitment to achieving objectives

• Your ability to build and maintain collaborative working relationships to craft and assist in the execution of appropriate controls design and monitoring

The Value You Deliver

• Leading external auditor readiness engagements and readiness assessments and providing timely status updates to management

• Planning and coordination of audit cycles with external auditors and internal stakeholders

• Facilitating requests from external auditor and monitoring to ensure timely completion

• Performing technology risk assessments and developing control strategies, including documenting controls, identifying potential gaps and/or inconsistencies and making sound recommendations for improvement and/or mitigation.

• Providing technical assistance on risk related systems issues, and serving as a liaison with technology and risk teams to track external audit findings, perform issues follow-up, consulting and action plans with owners and issue resolution

• Assessing the various information technology risks that the business faces in its operations and implementing action plans, policy and procedural changes for risk avoidance and mitigation.

• Evaluating control maturity by performing control design and operating effectiveness reviews and peer reviewing as needed.

• Assist with conducting Cloud Risk assessments and readiness reviews for applications and workloads migrating to the public Cloud environment.

Certifications:

Company Overview

Fidelity Investments is a privately held company with a mission to strengthen the financial well-being of our clients. We help people invest and plan for their future. We assist companies and non-profit organizations in delivering benefits to their employees. And we provide institutions and independent advisors with investment and technology solutions to help invest their own clients' money.

Join Us

At Fidelity, you'll find endless opportunities to build a meaningful career that positively impacts peoples' lives, including yours. You can take advantage of flexible benefits that support you through every stage of your career, empowering you to thrive at work and at home. Honored with a Glassdoor Employees' Choice Award, we have been recognized by our employees as a top 10 Best Place to Work in 2024. And you don't need a finance background to succeed at Fidelity-we offer a range of opportunities for learning so you can build the career you've always imagined.

Fidelity's working model blends the best of working offsite with maximizing time together in person to meet associate and business needs. Currently, most hybrid roles require associates to work onsite all business days of one assigned week per four-week period (beginning in September 2024, the requirement will be two full assigned weeks).

At Fidelity, we value honesty, integrity, and the safety of our associates and customers within a heavily regulated industry. Certain roles may require candidates to go through a preliminary credit check during the screening process. Candidates who are presented with a Fidelity offer will need to go through a background investigation, detailed in this document, and may be asked to provide additional documentation as requested. This investigation includes but is not limited to a criminal, civil litigations and regulatory review, employment, education, and credit review (role dependent). These investigations will account for 7 years or more of history, depending on the role. Where permitted by federal or state law, Fidelity will also conduct a pre-employment drug screen, which will review for the following substances: Amphetamines, THC (marijuana), cocaine, opiates, phencyclidine.

We invite you to Find Your Fidelity at fidelitycareers.com.

Fidelity Investments is an equal opportunity employer. We believe that the most effective way to attract, develop and retain a diverse workforce is to build an enduring culture of inclusion and belonging.

Fidelity will reasonably accommodate applicants with disabilities who need adjustments to participate in the application or interview process. To initiate a request for an accommodation, contact the HR Accommodation Team by sending an email to accommodations@fmr.com.